From 075ca93ee1880fd863817ba00b900864de06b9d3 Mon Sep 17 00:00:00 2001
From: Tatsuro Shibamura <me@shibayan.jp>
Date: Mon, 24 Feb 2025 12:53:00 +0900
Subject: [PATCH] fix: Fixed the inconsistency in the handling of AAD
 openIdIssuer

---
 src/msha/auth/routes/auth-login-provider-custom.ts | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/msha/auth/routes/auth-login-provider-custom.ts b/src/msha/auth/routes/auth-login-provider-custom.ts
index 600dcf20..ecd5de42 100644
--- a/src/msha/auth/routes/auth-login-provider-custom.ts
+++ b/src/msha/auth/routes/auth-login-provider-custom.ts
@@ -87,7 +87,8 @@ const httpTrigger = async function (context: Context, request: IncomingMessage,
       location = `https://github.com/login/oauth/authorize?response_type=code&client_id=${authFields?.clientIdSettingName}&redirect_uri=${redirectUri}/.auth/login/github/callback&scope=read:user&state=${hashedState}`;
       break;
     case "aad":
-      location = `${authFields?.openIdIssuer}/authorize?response_type=code&client_id=${authFields?.clientIdSettingName}&redirect_uri=${redirectUri}/.auth/login/aad/callback&scope=openid+profile+email&state=${hashedState}`;
+      const tenantId = authFields?.openIdIssuer.split("/")[3];
+      location = `https://login.microsoftonline.com/${tenantId}/oauth2/v2.0/authorize?response_type=code&client_id=${authFields?.clientIdSettingName}&redirect_uri=${redirectUri}/.auth/login/aad/callback&scope=openid+profile+email&state=${hashedState}`;
       break;
     case "facebook":
       location = `https://facebook.com/v11.0/dialog/oauth?client_id=${authFields?.appIdSettingName}&redirect_uri=${redirectUri}/.auth/login/facebook/callback&scope=openid&state=${hashedState}&response_type=code`;